[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dropping setuid/setgid privileges
From: |
Sergey Poznyakoff |
Subject: |
Re: dropping setuid/setgid privileges |
Date: |
Thu, 11 Jun 2009 21:28:05 +0300 |
Bruno Haible <address@hidden> ha escrit:
> What is the use-case that you are considering? A setuid/setgid executable,
> or an executable run by root?
I was considering an executable run by root.
> And what task does it do, related to the user's data and devices?
Retaining supplementary is often necessary for the program to be
able to access various files. I use this approach in Mailfromd
(http://www.gnu.org.ua/software/mailfromd).
> > idpriv_drop_grp (size_t ngrp, gid_t *groups)
>
> Should that drop the specified supplementary groups (and keep the rest),
> or keep the specified supplementary groups?
It should keep only the specified supplementary groups and
drop the rest. If ngrp==0 it should drop all supplementary
groups.
Regards,
Sergey
- Re: [PATCH] chroot specify user/group feature, James Youngman, 2009/06/04
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/07
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/07
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/07
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/08
- Re: dropping setuid/setgid privileges, Sergey Poznyakoff, 2009/06/10
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/11
- Re: dropping setuid/setgid privileges,
Sergey Poznyakoff <=
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/11
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/11
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/11
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/12
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/12
Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/08